My SHC Community

Sears Holding Corporation (SHC), the parent company of Sears & K-Mart KMart [updated 01/07/08] stores, has recently come under fire regarding their My SHC Community application, developed by VoiceFive, a subsidiary of comScore. The concerns are focused around whether users are adequately informed about what the application does before they install it and whether information provided to users is consistent and clear. The application tracks, in quite a bit of depth, a user’s behavior online, including capturing details of purchases, headers of web-based e-mails, and other content. Both companies assert strong policies and technical controls to protect the data from prying eyes, both within and outside of their organizations. They also state that they use scrubbing techniques to delete passwords, social security numbers, credit card numbers, and other confidential data before these data are sent to their servers.

StopBadware has been looking into this situation and has had productive conversations with both SHC and comScore. The two companies are currently evaluating our recommendations, which include making significant improvements to disclosure text and placement, ensuring consistency in privacy policies, and providing an indicator to the computer user when the software is running. SHC tells us that they intend to make one change, which will move a paragraph explaining the tracking to the top of the end user license agreement (EULA), later today.

We appreciate the engagement by SHC and comScore. Dialog with both companies is ongoing, and we will provide updated information as it becomes available.